ClawHub

Xiaohongshu (RedNote) Note Search API

Security checks across malware telemetry and agentic risk

Overview

This is a narrow RedNote search API wrapper, but it handles the JustOneAPI token in ways that can expose the credential.

Install only if you are comfortable sending RedNote search keywords and a JustOneAPI token to api.justoneapi.com. Treat the token as sensitive: avoid shared systems and command logging, assume URLs containing the token may be logged, and rotate the token if it may have appeared in shell history, process listings, logs, or monitoring tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The API token is explicitly defined as a query parameter and is later appended into the request URL. Query-string secrets are commonly exposed via logs, browser/history tooling, proxies, monitoring systems, and error reports, making credential leakage more likely even when HTTPS is used.

Missing User Warnings

High
Confidence
94% confidence
Finding
The manifest requires an access token and sends it to a third-party API as a query parameter, but provides no user-facing warning or safer handling guidance. Tokens in query strings are especially risky because they can be logged by clients, proxies, servers, browser history, and observability systems, increasing the chance of credential leakage and unauthorized API use.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill performs external note-search requests using user-supplied keywords, but the manifest does not disclose that those search terms are transmitted to a third-party service. Search keywords can contain sensitive business, personal, or investigative queries, so silent exfiltration of prompt-derived or user-entered terms creates a privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The API documentation requires the access token to be sent as a URL query parameter, which commonly exposes credentials through browser history, intermediary logs, analytics tooling, reverse proxies, and referrer leakage. In an agent/tooling context, this is especially risky because generated requests and debugging traces often capture full URLs, increasing the chance of token disclosure beyond the intended recipient.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal